Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

Why it’s great: No company or government agency can afford to have a serious breach in the security of its computer system. New technologies and an unending supply of creative hackers around the world keep the field challenging. Consultants can often work from home. And top-level pros command big paychecks.

Drawbacks: Talk about stress. If a system is infiltrated by a virus or hacker, it could mean lights out for the security consultant’s career. “This is a job you can’t afford to ever fail in,” says Evans.

Pre-reqs: Mostly major geekdom, since the skills can be self-taught. Still, a computer science degree comes in handy. An information systems security professional certification (CISSP) is increasingly favored. Experience is key for better-paying positions: Most companies won’t hire a consultant with less than five years of experience.

A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.

According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real thing. They look authentic, and with the help of DNS poisoning routines, they even display google.com, yahoo.com or bing.com in the address bar.

But the search results returned by these bogus sites have been ginned in some significant ways. While links contained in the organic results ultimately lead to a real site, browsers are first redirected to a series of ad networks that receive a small referral fee. Sponsored links, which typically pay the real search engine each time they are clicked, have also been jury-rigged so that a smaller ad network gets paid instead.

“The idea is to make money through click fraud,” said Matt Graham, a risk analyst at Click Forensics, which provides auditing services to advertisers. “When those people actually do searches, that’s when these guys can display these ads hidden in the organic search results.”

It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.